Info

Disclosure

Nov 28, 2005

Discovery

Nov 28, 2005

Dates

Exploit

Unknown

Solution

Unknown

Description

WebCalendar contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the export_handler.php script not properly sanitizing user-supplied input to the 'id', 'format', 'use_all_dates', 'include_layers', 'fromyear', 'frommonth', 'fromday', 'endyear', 'endmonth', 'endday', 'modyear', 'modmonth' and 'modday' variables. This may allow an attacker to inject or manipulate SQL queries in the back-end database.

Classification

Location: Remote / Network Access
Attack Type: Information Disclosure, Input Manipulation
Impact: Loss of Confidentiality, Loss of Integrity
Exploit: Exploit Unknown
Disclosure: Vendor Verified
OSVDB: Web Related

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, the WebCalendar staff have released a patch to address this vulnerability.

Products

Craig Knudsen

WebCalendar

1.0.1

References

Secunia Advisory ID: 17784 19240
CVE ID: 2005-3949 (see also: NVD)
Related OSVDB ID: 21216 21217 21218 21220
Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2005-11/0951.html
Vendor Specific Advisory URL: http://www.debian.org/security/2006/dsa-1002
Vendor URL: http://www.k5n.us/webcalendar.php?topic=About
Other Advisory URL: http://www.ush.it/2005/11/28/webcalendar-multiple-vulnerabilities/
Vendor Specific News/Changelog Entry: https://sourceforge.net/tracker/index.php?func=detail&aid=1369439&group_id=3870&atid=303870

Credit

Francesco "aScii" Ongaro - asciikatamail.com -

Direct URL: http://osvdb.org/21219